CVE-2025-14993
HIGH
8.8
Our Analysis: Embedded
Our model has classified this vulnerability as relevant to Embedded Systems, helping your team prioritize efforts effectively.
Published Date
December 21, 2025
Last Modified
December 31, 2025
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.